Thoughts on the evolution of wireless networks and mobile web 2.0

Until recently, European travelers to South Korea could not use their mobile phones due to incompatible wireless standards. Recently, however, KTF and SK Telecom have chosen to change standards and are now deploying UMTS/HSDPA networks (see here and here).

To use these networks with "European" UMTS phones, two other things need to be in place. First, these networks must be deployed in the 2.1 GHz frequency band, which is the band supported by European UMTS phones. Second, the home operator must have a roaming agreement with at least one of the operators that are deploying HSDPA networks.

Looks like all three things came together for a colleague of mine who traveled to South Korea recently. He's a subscriber with T-Mobile Germany and was able to use KTF's UMTS/HSDPA network without any trouble with his Nokia E-60 3G phone. Funnily enough, T-Mobile lists KTF still as CDMA network in their roaming data base.

Similarly in Japan, foreign visitors from Europe can now also use their 3G phones since NTT-DoCoMo and Softbank (former Vodafone K.K.) both operate UMTS/HSDPA networks in the 2.1 GHz band. Not many places on earth now anymore with a wireless network in range where a GSM/UMTS phone can not be used. For a world wide overview of GSM/UMTS coverage, take a look here.

In a previous post, I've been looking at how authentication is performed in WPA enabled Wifi networks. A growing number of GSM and UMTS devices now also include Wifi as an alternative access technology and if cellular operators decide to run Wifi hotspots, a convenient way must be found to authenticate these hybrid devices there as well. A number of different solutions exist but most of them require the user to input information. To remove this user interaction, an authentication method now known as EAP-SIM was recently specified in RFC 4186. With EAP-SIM, user interaction is no longer required when the device registers to the Wifi network, as all required authentication information is taken from the SIM card. Here is how it works:

EAP-SIM uses the same authentication framework as described for WPA personal and enterprise authentication. The figure on the left shows the messages exchanged between the mobile station and the authentication server via an EAP-SIM capable access point during authentication. After the Wifi open system authentication and association, the access point starts the EAP procedure by sending an EAP Identity Request to which the mobile device has to respond to with an EAP Identity Response message. The identity returned to the network in this message is composed of a identity type identifier, the IMSI (International Mobile Subscriber Identity), which is taken from the SIM card, and an operator specific postfix. Alternatively, the mobile device can also send a temporary identity (pseudonym) which has been agreed with the network during a pervious authentication procedure. The pseudonym is similar to the TMSI (Temporary Mobile Subscriber Identity) used in GSM networks but has a different format and is used to hide the subscriber’s real identity from eavesdroppers.

In the next step, the network sends an EAP SIM Start request which contains a list of different versions of supported EAP SIM authentication algorithms. The client device selects one of the algorithms it supports and sends an EAP SIM Start response message back to the network. This message also contains a random number which is used for a number of subsequent calculations on the network side in combination with a secret (the Kc) which is shared between the mobile device and the network. This way the network is also able to authenticate itself to the client.At this point the authentication server in the network uses the subscriber’s IMSI to request authentication triplets from the GSM/UMTS Home Location Register (HLR) / Authentication Center (AuC) (cp. e.g. Chapter 1.6.4 of my book). Two or three GSM random values and GSM ciphering keys returned by the HLR are then used to generate EAP SIM authentication keys, EAP SIM encryption keys and other values required for the EAP-SIM authentication process. These are sent in encrypted form together with the two or three GSM random values in plain text to the client device in an EAP SIM Challenge request to the mobile device.

The mobile device then uses the GSM random values received in the message and forwards them to the SIM card. The SIM card then generates the GSM Signed Response and GSM ciphering keys which used afterwards to decipher the EAP SIM parameters received. If those values are identical to the values used by the network, the mobile device is able to send a correct response message which is then verified on the network side. If verification was successful an EAP Success message is returned and the client is admitted to the network.

The second figure on the left shows the different devices and protocols used during authentication. On the left side the mobile client sends its EAP messages via the EAPOL protocol. For the messaging between the access point and the authentication server, the RADIUS protocol can be used. The authentication sever finally communicates with the HLR/AuC via the SS-7 circuit switched signaling network and the Mobile Application Part (MAP).

Currently, only few Wifi hotspot networks run by cellular operators support EAP-SIM authentication. One that does already, however, seems to be the hotspot network run by Swiss Mobile, as they announce it as part of the network name and also sell EAP-SIM compatible combo GPRS/UMTS/Wifi cards.

I'd like to finish my day with a positive story so here we go: In Austria, there are quite a few mobile operators embracing their customers instead of keeping them from using the mobile Internet with unaffordable or even non existent rates. Today, ONE has announced the launch of H.U.I (which would translate into "wow" in English) which stands for "Höllenschnelles Ultra-einfaches Internet" ("devilishly fast ultra simple Internet").

H.U.I comes in three packages: 250 MB a month for 10 euros, 1 GB for 20 euros or 20 GB for 50 euros. The HSDPA PCMCIA card or USB modem is free for the 1GB and 20 GB offer and 99 euros for the smallest package with a 24 month contract. No activation charge, no additional fees, no additional voice package required, no additional taxes. Once the included data volume is exceeded, the maximum speed is reduced to 56 kbit/s. Great, so no more accidental charges when overstepping an invisible boundary. In case the boundary is hit, customers can pay 5 euros to move the boundary by the amount of the initial offer. If the users oversteps the 1 GB boundary for example, 5 euros unlock another gigabyte. Very good! Takes the fear out of the equation.

I don't really know what else to say, the offer speaks for itself. Wow!

Back in November, I was delighted to read that "Der Spiegel", one of Germany's high profile political magazines reported that EU commissioner for information society and media Viviane Reding is also looking into pricing for data roaming in Europe. Now, "Focus", another high profile political magazine published an article in which Ms. Reding is reported to say that she is very worried about the extremely high prices for SMS and data services ("Ich bin sehr besorgt über die sehr hohen Preise"). "Tagesschau", a popular German TV new show followed suite.

I'd really welcome some action to get realistic and affordable data roaming prices. In the U.S. for example people roam from east coast to west coast never thinking about roaming costs. European travelers on the other hand are constantly impacted by high roaming fees and thus limit their communication when in other parts of Europe to the absolute minimum. Most people's communication behavior at home and abroad is thus completely different. It's not only a lifestyle question but a major competitive disadvantage as well.

How is the media treating this topic in other EU countries? Please leave a comment. Thanks!

With an Internet tablet or a powerful mobile web browser running on devices like the Nokia N- or E-Series phones, this blog can be read on the go pretty much like on an ordinary PC. Many people, however, use less powerful browsers which need content adaptation. Additionally, network coverage while traveling can vary greatly and sometimes browsing while on a train or in the car is difficult. There are other ways, however, to read this and other blogs on the go:

A mobile RSS feed reader: Similar to feed reader programs on the PC, users can make a list of their favorite blog feeds. The program then downloads the content of the feeds which can then be viewed off line. This is my favorite way of reading blogs both on the PC and on the mobile. Several mobile feed reader applications are available and my favorite is Resco News for S60.

Opera Mini: If mobile phone processing power or high mobile Internet prices are an issue, Opera Mini is the solution. It's a Java applet, runs on many phones, and uses a server on the net to format web pages for easy viewing on a small display. Pages are also compressed to save money and to reduce download times.

Google Mobile: Offers a service which reformats pages for mobile viewing.

Winksite: Among other things, Winksite can take RSS feeds to create mobile websites. This blog for example can be read with almost any mobile browser via http://winksite.com/msauter/wireless. For people with phones that include a 2D barcode reader application, I've supplied a code on the side bar which contains the URL of the mobile version of this blog.

While being at the 3GSM congress last week, I used the opportunity to visit my publisher and to pick up a couple of good books which will keep me entertained in the weeks to come. One of these books is "HSDPA/HSUPA for UMTS" by Harri Holma and Antti Toskala.

If you 'only' want to get a good overview of HSDPA (and UMTS), you might want to take a look at my book first. If, however, you want to get the nitty gritty details, read the standards (like I did before writing my book, but not really recommendable as you'll die of boredom or confusion unless you are a die hard like me) or Harri's and Antti's book. In chapter 7 on HSDPA bit rates, capacity and coverage, they feature an interesting mathematical formula on how to calculate the CAPEX (capital expenditure) cost per giga byte transmitted over HSDPA depending on the price per base station (or price per TRX to be exact).

They concluded that at a price per base station (Node-B) with six transceivers of around €100.000 (which includes the partial price of the RNC and core network serving this base station) the CAPEX cost would be around two to four Euros per GB of data traffic. An interesting number! Be careful, however, as the OPEX (operational expenditure) part of the cost is still missing. Also, the formula does not take partly loaded networks into account. They also give the price per GB of data traffic for other network / base station prices as well.

So what's the cost of a UMTS base station these days? I did some research on this on the Internet but came up almost empty handed. Seems to be quite a well kept secret. The only reference I could find on UMTS and GSM base station prices is in an article on Unstrung from 2004. Here, Brett Simpson of Arete Research LLC is quoted giving a price for a UMTS base station in 2004 of $24.000. It seems rather low to me. Anyone got other sources?

How delighted I was when I heard Nokia's announcement that they would release their Nokia Maps (a.k.a. Smart2Go) mapping application for handsets other than the Nokia N95. Right after coming back from the 3GSM congress, I downloaded a copy for my N93 and used it in the past couple of days together with a Nokia LD-3W Bluetooth GPS receiver. If you want to get a basic idea of what it does and how it works I can recommend a good intro on Antony Pranata's blog. After using it for a couple of days now I sat down tonight to blog a bit about how the application performs in practice.

I decided to split this report in several parts as the mapping software is quite powerful and has more features than can be described in a single entry:

Part 1: Navigation to close-by (100km) destinations.

Part 2 (to come soon): Nokia maps as a guide for finding a location in a city while walking

Part 3 (to come soon): Route planning and navigation for destinations 500+ kilometers away (more demanding than the task in part 1)

Part 1: Car Navigation To Close-By DestinationsLicense and Payment Model

Most features of Nokia maps can be used for free. The most important ones are certainly the free download of all maps, route planning and GPS city navigation on foot. Car navigation with voice commands, however, is not free. The pricing scheme is quite interesting. Western Europe maps for car navigation for a 30 day period are 10 euros. A three year license is 99 euros. In practice, I think this is quite a good idea as it's possible to try the application for a month for a small sum before making a longer and more expensive commitment. For Nokia, selling their service this way has the additional benefit to bind customers to their phones for the next three years as the 3 year license can be used with another phone as well by safeguarding the activation code received during the payment procedure. Paying for voice navigation can be done directly in the application by entering your credit card information or by premium SMS.

Getting The Maps

There are several ways to transfer the maps to the phone. The most convenient way is to download them as they are needed over the air directly into the phone, either via Wifi or via the GSM/UMTS network. For my first test I tried both ways by searching for some destinations all over the world. Maps for the surroundings of these destinations were quickly downloaded. When zooming in or out or moving around the selected destination, additional parts are quickly added as well. Maps are not discarded after exiting the application and are re-used. In order not to use the GSM/UMTS network for my other tests I decided to download additional map parts via the Nokia MapLoader, a program on the PC. Over the PC additional maps can be downloaded to the memory card of the mobile phone within a matter of minutes. I decided to download the maps of Southern Germany, Austria, Switzerland, Rome (Lazio) and Paris (Ile de France). Together, the maps require around 200 megabytes, no big deal for my 2 GB memory card.

Selecting the Destination And Calculating A Route

A route for navigation is selected by using the current GPS location as starting point and by searching for a destination either by address, by previously stored location (landmark), from additional guides (to be bought separately), from recent searches or directly from the map. When searching for a specific address the application searches the maps already loaded and also remote maps in case an Internet connection is available. The beta version of the software I used had a pretty ugly bug in the search function. When I entered several words for the street name (e.g. "Rue Lafontaine") the search became stuck in an endless loop and I had to restart the phone. Searching for addresses works o.k. for single words ("e.g. Lafontaine") which also finds my "Rue Lafontaine". Search times are acceptable and a search takes about 15 seconds. Once the destination has been found the next step is to calculate the route and to display it. For my test I selected a destination about 50 kilometers away to see how long the route calculation would take. For my destination, the calculation took about one minute. Quite a long time when you already sit in the car, poised to go. Once the route is shown on the map one can start navigation. Again, the application takes about another minute to re-calculate the route before the first voice command is finally issued.(**) This is quite long in practice and the software designers should concentrate on making this process faster. However, it is still acceptable and usable.

Navigation

Navigation is pure joy. One can select 2D or 3D mode. The picture on the left shows how navigation looks like in 3D mode. Unlike on the picture, which was taken just when a turn occurred, the route to be taken is always shown in vertical direction, i.e. you always drive towards the upper side of the phone screen. I was a bit concerned that the screen would be a bit too small in practice. To my positive surprise, however, I had no issues with the screen size while driving, possibly also because the voice commands where clear and were given at the right time. Also the maps were up to date and newly built roundabouts were already known.

Running Other Applications While Navigating

I like to listen to podcasts while driving so a main requirement for me is that the application allows other programs to run in the background. This works quite well in practice and on my way back I listened to a 45 minutes podcast running in the background while navigating. The occasional navigation speech commands and podcast audio were mixed and played over the speaker simultaneously. Incoming calls mute the podcasts and one can accept or reject incoming calls as usual. When rejecting, the phone returns to the mapping application and resumes the podcast. When accepting a call, the mapping application was terminated, probably because the phone ran out of memory. Not good in practice as you have to stop afterwards and repeat the route planning. It could be that the mapping application was terminated because the podcast application was also running. Nothing that couldn't be fixed with some additional memory...

Stability

Taken everything into account I am quite happy with the mapping application. It does its job and it does it well. Stability however, could still be improved. While using the mapping application this morning for example, the calendar reported an upcoming meeting while I was driving and using the mapping software. This prompted the phone to make a reset and to deny reactivation until I removed the battery for a couple of seconds. Not quite what you want to do while driving. It could have been the OS, it could have been the application which malfunctioned, but as a user I don't care.

Summary

Part 1 was already quite convincing for me. If the application also performs well for navigation to destinations more than 500 km away (part 3 of this review), I'll leave my old navigation system at home for my next trip. So much for today, more on other things you can do with Nokia maps in part 2 of this review. If you have any questions in the meantime, please leave a comment.

(**) Update: It's also possible not to display the route and instead hit the back button a couple of times to leave route planning once the destination has been found and displayed on the map. Once out of route planning, the application still shows the selected destination on the map. From the menu, it's now possible to select "navigate to" which saves the time required to calculate the route. Not quite obvious to do it this way but it saves a lot of time.

In the past, Wifi networks were criticized a lot for being insecure. In the meantime, however, the IEEE standards body and the industry have reacted and designed WPA and WPA2 (Wireless Protected Access) which is implemented in most products today. WPA and WPA2 deal with both authentication and ciphering and a lot of information is available on the net about the ciphering part. Information on the authentication part, however, is scarce. Time to change this:

As shown in figure on the left, a client joins a network by performing a ‘pseudo’ authentication and associating to the network afterwards. In a WPA network an additional authentication and key exchange follows this procedure. The first authentication has thus become completely obsolete but has been kept in place nevertheless. The access point announces that WPA is to be used instead of the older WEP (Wired Equivalent Privacy) by including an additional WPA description parameter in beacon frames which are required to inform nearby stations of the presence of the access point. This parameter informs clients that an additional step for authentication and ciphering key negotiation is required after the association procedure. The parameter also contains additional information concerning the algorithms to be used for authentication and ciphering. First WPA implementations use TKIP (temporal key integrity protocol) for ciphering, which is described in more details below. Current devices also optionally support AES (Advanced Encryption Standard), which has become mandatory for WEP2 as also discussed below.

The figure on the left shows the four step process required by WPA in pre-shared key (PSK) mode to authenticate the client to the access point and vice versa. In addition, client and access point agree on ciphering keys during this process, which are used for encrypting user data frames once authentication is complete. In the first message, the access point sends a random number to the client. The client then uses the random number and the pre-shared key, i.e. the password the user types in once, to generate a response. The pre-shared key has a length of 8 to 64 characters. The response is sent back to the access point together with another random value. The access point then compares the response to the value it has calculated with its own secret key. If the secret keys of client and access point are identical the two values match and the client is authenticated. The access point then generates a session key which it then encrypts with the pre-shared key and sends it back to the client. The client uses its pre-shared key to decrypt the session key and acknowledges proper reception in the fourth message. This implicitly activates ciphering in both directions. In a final step the access point then informs the client of the session key used for broadcast frames. This message is already encrypted. While the session keys for individual user data frames are unique for each client, the key for deciphering broadcast frames is the same for all clients because such frames have to be decrypted by all.

By using session keys instead of the pre-shared key for ciphering it is possible to change the session key frequently to prevent brute force key generation attacks. A typical value to negotiate a new session key between the access point and a client is one hour.

While I enjoyed the sights and sounds of Barcelona over the weekend, Phil Schwarzmann, a.k.a. the Voice of S60, was already back in Helsinki and was busy putting up the podcast we recorded on Thursday at the 3GSM congress. In the podcast we discuss the congress, the exhibition, S60 competition as well as my blog and a my latest book. The 14 minute podcast is available for download here.

Just two weeks have passed now that three German Mobile Virtual Network Operators (MVNOs), all using the networks of E-Plus, have announced to slash costs for mobile Internet access to 0.24 Euros per megabyte for their prepaid offers. I've tried it out myself and I really like the prepaid way of being connected wirelessly while on the go. The companies haven't gone silent since and have kept the press busy with new announcements.

At this time only AldiTalk SIM cards give users access to the UMTS network while subscribers of the other MVNOs are restricted to the GSM/GPRS network of E-Plus. One of them has reacted now has announced that SIM cards which allow access to the UMTS network will be available shortly. I guess some people must be really busy right now getting this in place to catch up with the competition.

To keep the press writing about the new tariff, one operator has announced that new subscribers will get a welcome bonus of 80 megabytes. Not too bad! Keep going guys, hopefully the competition using the T-Mobile network will wake up and enter the prepaid mobile data realm as well!